Headers

LordRogaine

I'm trying to make a user login section fro my website. There is one part where the user puts in his username and password. If everything checks out, I have a header that will redirect him to a members section of the site. If his user info doesn't check out correctly he is directed back to his login page. problem is that when I put in false info, my header still directs me to the members section as if everything was fine. I'm putting my header at the top with session_start() is this correct?
<?
session_start();
header("Location: http://mysite.com/login_success.php");
?>

planetsim

in this order make sure theres no <html><head>etc so in otherwords no output.. if there is this will not work..

session_start n register
than your header
if you swap these are around your session will not be registered nor started so.. If your sessions are set up correctly no one will be able to login

crickettdt

Post the whole log in function, and i will work out why it aint working.

I have extensive experience with headers, and will be able to work it out for you.

LordRogaine

Thankyou very much. Here is the whole page setup I am using. I'm a newbie and confused lol Thanks again!

<?
session_start();
header("Location: http://Mysite.com/login_success.php");
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>checkuser</title>
</head>

<body>
<?

include 'db.php';

$username = $POST['username'];
$password = $POST['password'];

if((!$username) || (!$password)){
echo "Please enter ALL of the information! ";
include 'http://www.Mysite.com/login_form.htm';
exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$SESSION['first_name'] = $first_name;
session_register('last_name');
$SESSION['last_name'] = $last_name;
session_register('email_address');
$SESSION['email_address'] = $email_address;
session_register('special_user');
$SESSION['user_level'] = $user_level;

	mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");


}

} else {
echo "You could not be logged in! Either the username and password do not match or you have not validated your membership! 
Please try again! ";
include 'http://www.Mysite.com/login_form.htm';
}
?>
</body>

</html>

crickettdt

You had 1 too many $ signs in your code

$$key = stripslashes( $val );

Try is without the extra dollar sign.

LordRogaine

That didn't work. Still have the same problem.

This is how the script looked originally. Notice where the header was placed after in the script. When I put bad info in the member login it goes to the corrct page. But when I put the correct info in I get
Warning: Cannot add header information - headers already sent by (output started at /home/www/MySite/checkuser.php:15)

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$SESSION['first_name'] = $first_name;
session_register('last_name');
$SESSION['last_name'] = $last_name;
session_register('email');
$SESSION['email'] = $email;
session_register('special_user');
$SESSION['user_level'] = $user_level;

	mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

header("Location: http://Mysite.com/login_success.php");

} else {
echo "You could not be logged in! 
Either the username and password do not match, or you have not validated your membership! 
Please try again! ";
include 'http://MySite.com/loginpage.htm';
}

Thanks again for your help

crickettdt

That error message means that HTML has already been output.

Where in the script do you call the header - as they can only work if no HTML has been outputed already.

So check that none of your PHP outputs any HTML above the header.

LordRogaine

I'm totally confused now. If I place the header up top with the session() start the page works when a user puts in correct login info and brings him to the member area of my site. If the user puts in false info it still brings him to the member area.

If I leave the the header after I register session variable in the script it won't allow users to the member area if they put in false info, but it also won't work now because I ge an error message. I'm totally confused here.

crickettdt

Post the code again, with all the functions, so i can see what they all do etc, better yet, email it to me.